
SVG:Advisory-SVG-2012-4670

From EGIWiki

Advisory-SVG-2012-4670


** WHITE information - Unlimited distribution allowed                       **  

** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **

EGI SVG   ADVISORY [EGI-SVG-2012-4670] 

Title:       EGI SVG Advisory 'Moderate' Risk DPM buffer overflow in SRM v2.2 endpoint

Date:        2013-02-19

URL:         https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2012-4670

Introduction
============

A buffer overflow vulnerability has been found in DPM in the SRM v2.2 endpoint.

A new version of DPM which resolves this vulnerability is now available in
the EMI-1 and EMI-2 distributions.

This version is also available in EGI UMD-1 and EGI UMD-2. 

Details
=======

A buffer overflow vulnerability has been found in DPM in the SRM v2.2 endpoint.


Risk category
=============

This issue has been assessed as "Moderate" risk by the EGI SVG Risk Assessment Team.  


Affected software
=================

DPM version 1.8.4, available in both the EMI 2 distribution and the EGI UMD 2 distribution.

DPM version 1.8.2, available in both the EMI 1 distribution and the EGI UMD 1 distribution.

This vulnerability has been fixed in DPM 1.8.6 as available in EMI 1 Update 23 and EMI 2 Update 8.

The package has also been released in EGI UMD-1 Release 1.10.0:
http://repository.egi.eu/2013/02/19/release-umd-1-10-0/

and in EGI UMD-2 Release 2.4.0:
http://repository.egi.eu/2013/02/18/release-umd-2-4-0/


Component installation information
==================================

The official repository for the distribution of grid middleware for EGI sites is 
repository.egi.eu which contains the EGI Unified Middleware Distribution (UMD).

Sites using the EGI UMD should see:


http://repository.egi.eu/category/umd_releases/distribution/umd-2/

http://repository.egi.eu/category/umd_releases/distribution/umd_1/

Sites installing directly from EMI should see:

http://www.eu-emi.eu/emi-2-matterhorn/updates/

http://www.eu-emi.eu/emi-1-kebnekaise-updates/


Recommendations
===============

Sites are recommended to update relevant components.


Credit
======

This vulnerability was reported to SVG by Eygene Ryabinkin.



Timeline
========

(yyyy-mm-dd)

2012-11-19 Vulnerability reported to SVG by Eygene Ryabinkin
2012-11-19 Acknowledgement from the EGI SVG to the reporter
2012-11-21 Assessment by the EGI Software Vulnerability Group reported
           to the software providers
2013-01-28 Updated packages available in the EMI distribution
2013-02-19 Updated packages available in the EGI UMD-1 and EGI UMD-2 
2013-02-19 Public disclosure